master/html/AssignedStageRoleHandlerOperationPolicy_8inc_8php_source.html

<?php

import('lib.pkp.classes.security.authorization.RoleBasedHandlerOperationPolicy');


class AssignedStageRoleHandlerOperationPolicy extends RoleBasedHandlerOperationPolicy {


   var $_stageId;


   function __construct($request, $roles, $operations, $stageId,

         $message = 'user.authorization.assignedStageRoleBasedAccessDenied',

         $allRoles = false) {

      parent::__construct($request, $roles, $operations, $message, $allRoles);


      $this->_stageId = $stageId;

   }


   //

   // Implement template methods from AuthorizationPolicy

   //

   function effect() {

      // Check whether the user has one of the allowed roles

      // assigned. If that's the case we'll permit access.

      // Get user roles grouped by context.

      $userRoles = $this->getAuthorizedContextObject(ASSOC_TYPE_ACCESSIBLE_WORKFLOW_STAGES);

      if (empty($userRoles) || empty($userRoles[$this->_stageId])) return AUTHORIZATION_DENY;


      if (!$this->_checkUserRoleAssignment($userRoles[$this->_stageId])) return AUTHORIZATION_DENY;

      if (!$this->_checkOperationWhitelist()) return AUTHORIZATION_DENY;


      return AUTHORIZATION_PERMIT;

   }

}